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DETAILED ACTION 

1. Claims 1-32 are pending in this application, 

Claim Rejections - 35 USC § 112 

2. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

3. Claims 8 and 25-26 are rejected under 35 U.S,C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

4. The following terms lack antecedent basis: 

a. In line 3 of claim 25, "the step of filtering". 

b. In lines 6-7 of claim 25, "the transformation-triggering criterion". 



5. The following claim language is indefinite: 

a. In claim 8, it is unclear what the meaning of "in the presence in the I/O data of a 
copy protection indication" means. It appears to be a grammatical error of some sort that 
makes it difficult to identify how the claim is limited. 

b. In claim 26, it is rejected for being dependent upon indefinite claim 25, as 
discussed above in paragraph 4. 
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Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

7 Claims 1-3, 9-11, and 25-32 are rejected under 35 U.S.C 102(e) as being anticipated 
by Cota-Robles et al. (US 2002/0143842) (hereinafter Cota-Robles). 

8. As per claim 1, Cota-Robles teaches the invention as claimed, including a method for 
controlling input/output [I/O] operations of a user's computer comprising the following steps: 

implementing the user's computer as a virtual machine [VM] (paragraphs 0019-0020); 

including a virtual machine monitor [VMM] as a VM-transparent interface between the 
VMT5Id"apHysical computer system that includes at least one device (paragraphs 0019-0020); 

in the VMM: 

sensing a request for an I/O operation between the VM and the device (paragraphs 
0027, 0029, 0042, 0047); 

performing a predetermined transformation of I/O data passing between the VM 
and the device (paragraphs 0015, 0027, 0047); 

the transformation of the I/O data thereby being undefeatable by any user action via the 
VM (paragraphs 0025, 0027, 0029, 0047). 
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9. As per claim 2, Cota-Robles teaches the invention as claimed, including a method as in 
claim 1 , in which: 

the device is a display (paragraph 0015), 

the I/O data is VM display data output from the VM and intended for display (paragraph 
0015, 0027, 0029, 0042, 0047); and 

the predetermined transformation is a replacement of at least a portion of the VM display 
data with non-defeatable display data stored external to the VM but accessible to the VMM 
(paragraphs 0015, 0027, 0047); 

further including the step of displaying the VM display data with the non-defeatable 
display data overlaid (paragraphs 001 5, 0025, 0027, 0029, 0047). ; 

10. As per claim 3, Cota-Robles teaches the invention as claimed, including a method as in 
claim 1, further including the following steps: 

filtering the I/O data with respect to at least one predetermined filtering ; condition 
(paragraphs 0027, 0029, 0042, 0047); and 

performing the predetermined transformation of the I/O data only when the filtering 
condition is met (paragraphs 0027, 0029, 0042, 0047). 

11. As per claim 9, Cota-Robles teaches the invention as claimed, including a method as in 
claim 1, in which the predetermined transformation comprises insertion into the I/O data of a 
source indication associated with the VM (paragraphs 0027, 0029, 0042, 0047). 
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12. As per claim 10, Cota-Robles teaches the invention as claimed, including a method as in 
claim 1, in which the transformation is time-varying (paragraphs 0015, 0023). 

13. As per claim 11, Cota-Robles teaches the invention as claimed, including a method as in 
claim 1, in which the device is a network connection device (paragraphs 0015, 0023). 

14. As per claim 25, Cota-Robles teaches the invention as claimed, including a method as in 
claim 1 , in which: 

the VM supports a plurality of I/O modes (paragraphs 0015, 0023); 

the step of filtering is performed on I/O data corresponding to a first one of the plurality 
of I/O modes (paragraphs 0027, 0029, 0042, 0047); and 

the predetermined transformation is applied to I/O data in a second one of the I/O modes 
when the I/O data in the first I/O mode satisfies the transformation-triggering criterion 
^paragraphs 00 1 5, 0027, 0029, 0042, 0047). 

15. As per claim 26, Cota-Robles teaches the invention as claimed, including a method as in 
claim 25, in which the I/O modes include a video mode and an audio mode (paragraphs 0015, 
0023). 

16. As per claim 27, Cota-Robles teaches the invention as claimed, including a method for 
controlling input/output (I/O) of a user's computer comprising the following steps: 
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implementing the user's computer as a virtual machine [VM] (paragraphs 0019-0020); 

including a virtual machine monitor [VMM] as a VM-transparent interface between the 
VM and a physical computer system that includes at least one device that carries out an I/O 
operation on the basis of device control data (paragraphs 0019-0020, 0027, 0029, 0042, 0047); 

storing the device control data associated with the VM in a buffer in the VMM 
(paragraphs 0019-0020, 0027, 0029, 0042, 0047); 

upon sensing a transformation command from an administrative system external to the 
VM, entering replacement data into at least a portion of the buffer (paragraphs 0027, 0029, 0042, 
0047); 

the entry of the replacement data thereby being undefeatable by any user action via the 
VM (paragraphs 0025, 0027, 0029, 0047). 

17. As per claim 28, Cota-Robles teaches the invention as claimed, including a system for 
controlling input/output [I/O] operations of a user's computer, comprising: 

avirtual machine [VM] constituting the user's computer (paragraphs 0019-0020); 

a virtual machine monitor [VMM] forming a VM-transparent interface between the VM 
and a physical computer system that includes at least one device (paragraphs 0019-0020); 

the VMM including means: 

for sensing a request for an I/O operation between the VM and the device 

(paragraphs 0027, 0029, 0042, 0047); and 

for performing a predetermined transformation of I/O data passing between the 

VM and the device (paragraphs 0015, 0027, 0047); 
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the transformation of the I/O data thereby being undefeatable by any user action via the 
VM (paragraphs 0025, 0027, 0029, 0047). 

18. As per claim 29, Cota-Robles teaches the invention as claimed, including a system as in 
claim 28, in which the device is a display and the I/O data is VM display data (paragraph 0015). 

19. As per claim 30, Cota-Robles teaches the invention as claimed, including a system as in 
claim 29, further comprising: 

a display buffer within the VMM for storing the VM display data that is output from the 
VM and is intended for display (paragraph 0015, 0027, 0029, 0042, 0047); and 

transformation means located within the VMM for replacing at least a portion of the VM 
display data stored in the display buffer with non-defeatable display data (paragraph 0015, 0027, 
0029, 0042, 0047); 

in which the display is provided for displaying the contents of the display buffer 
(paragraphs 0015, 0023, 0027, 0042, 0047). 

20 - As per claim 31, Cota-Robles teaches the invention as claimed, including a system as in 
claim 28, in which the device is a data storage device (paragraphs 0015, 0023). 



21. As per claim 32, Cota-Robles teaches the invention as claimed, including a system as in 
claim 28, in which the device is a network connection device (paragraphs 0015, 0023). 
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Claim Rejections - 35 USC §103 

22. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 

obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

23 Claims 4-5, 8, and 21-24 are rejected under 35 U.S.C. 103(a) as being unpatentable 

over Cota-Robles in view of O'Neil et al. (USPN 5,987,440) (hereinafter O'Neil). 

24. As per claim 4, O'Neil teaches the invention as claimed, including a method as in claim 
3, in which the filtering condition is that the I/O data includes at least one predetermined 
restricted term (Abstract, col 56 lines 5-40; col. 57 line 60 - col. 58 line 63). 

25. It would have been obvious to one of ordinary skill in the art to combine Cota-Robles and 
O'Neil since Cota-Robles, while presenting a method of representing a processing device in a 
virtual machine to control input and output, does not present specific types of input/output 
devices, or how certain features therein would be implemented. Modern computing is embodied 
within a networked environment to the point where it is nearly commonplace. With this advent 
in computing, protecting the integrity of data is of utmost importance. O'Neil provides a method 
of protecting information security within a virtual private network, or other type of network, such 
that personal data or other sensitive data can be trusted and more securely transferred- 
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26. As per claim 5, O'Neil teaches the invention as claimed, including a method as in which 
the filtering condition is that the I/O data is from a predetermined restricted source (Abstract, col 
56 lines 5-40; col 57 line 60 - col. 58 line 63). 



27. As per claim 8, O'Neil teaches the invention as claimed, including a method as in claim 
3, in which the predetermined filtering condition in the presence in the I/O data of a copy 
protection indication (Abstract, col. 56 lines 5-40; col. 57 line 60 - col. 58 line 63). 

28. As per claim 21, O'Neil teaches the invention as claimed, including a method as in claim 
1, in which: 

the device is a network connection device (Abstract, col 56 lines 5-40; col. 57 line 60 - 
col. 58 line 63); 

the requested I/O operation is a transfer of data between the VM and the network 
connection device (Abstract, col. 56 lines 5-40; col. 57 line 60 - col. 58 line 63); and 

~~ : the-step"i3f-performing the predetermined transformation 1 compriseTchan^ 
portion of the data during the transfer between the VM and the network connection device 
(Abstract, col. 56 lines 5-40; col. 57 line 60 - col. 58 line 63). 
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29. As per claim 22, O'Neil teaches the invention as claimed, including a method as in claim 
21, in which the step of performing the predetermined transformation of the I/O data comprises 
encrypting data written by the VM to the network connection device and decrypting data read 
from the network connection device by the VM (Abstract, col. 56 lines 5-40; col. 57 line 60 - col. 
58 line 63). 

30. As per claim 23, O'Neil teaches the invention as claimed, including a method as in claim 
21 , in which the step of performing the predetermined transformation of the I/O data comprises 
compressing data written by the VM to the network connection device and decompressing data 
read from the network connection device by the VM (Abstract, col 56 lines 5-40; col. 57 line 60 
- col. 58 line 63). 

3 1 . As per claim 24, O'Neil teaches the invention as claimed, including a method as in claim 
1, in which the step of performing the predetermined transformation of the I/O data comprises 
cryptographic transformation of the I/O data (Abstract, col 56 lines 5-40; col. 57 line"60 - col 58 
line 63). 

32 Claims 6-7, 15-17 are rejected under 35 ILS-C. 103(a) as being unpatentable over 
Cota-Robles in view of Pasieka (USPN 6,587,945). 



33. As per claim 6, Pasieka teaches the invention as claimed, including a method as in claim 
3, in which: 
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the I/O data includes image data (col 4 line 58 - col. 5 line 17); 

the step of filtering the I/O data comprises detecting the presence of a representation of a 
target image within the image data (col 4 line 58 - col. 5 line 17); and 

the predetermined transformation is substitution of a representation of a replacement 
image in place of the representation of the target image (col. 4 line 58 - col. 5 line 17). 

34. It would have been obvious to one of ordinary skill in the art to combine Cota-Robles and 
Pasieka since Cota-Robles, while presenting a method of representing a processing device in a 
virtual machine to control input and output, does not present specific types of input/output 
devices, or how certain features therein would be implemented. In systems that utilize virtual 
machines, Internet applications or other network computing is very common. Along with this 
type of processing comes a transfer of image data or other display data. While Cota-Robles 
mentions this type of input/output briefly, it does not specifically address how the transmission 
of these images would be protected. Pasieka provides such a method of digitally signing an 
image before it is transferred, such that the origin and integrity of a document or image can be 
verified before it is displayed on a user's screen. 

35. As per claim 7, Pasieka teaches the invention as claimed, including a method as in claim 
6, in which: 

the I/O data is in a non-character image format (col. 4 line 58 - col. 5 line 17); 
the target image is a representation of a restricted character string (col. 4 line 58 - col. 5 
line 17); and 
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the step of filtering the I/O data comprises applying character recognition to the I/O data 
(col. 4 line 58 - col. 5 line 17). 

36. As per claim 15, Pasieka teaches the invention as claimed, including a method as in claim 
1, in which: 

the device is a display (col. 4 line 58 - col. 5 line 17); 

the display renders data stored in a display map (col. 4 line 58 - col 5 line 17), and 
the step of performing the predetermined transformation comprises altering a selected 
portion of the display map (col. 4 line 58 - col 5 line 17). 

37. As per claim 16, Pasieka teaches the invention as claimed, including a method as in claim 
15, in which the step of altering the selected portion of the display data comprises substituting 
predetermined, non-defeatable display data for the selected portion (col. 4 line 58 - col. 5 line 
17). 



38. As per claim 17, Pasieka teaches the invention as claimed, including a method as in claim 
15, in which the step of altering the selected portion of the display data comprises changing all 
occurrences in the display map of a display color to a predetermined replacement color (col. 6 
lines 15-54). 

39 Claims 12-14 are rejected under 35 U.S.C 103(a) as being unpatentable over Cota- 
Robles in view of Narlikar et al. (US 2002/0069241)* 
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40. As per claim 12, Narlikar teaches the invention as claimed, including a method as in 
claim 11, in which the predetermined transformation is a bandwidth limiting of the I/O data 
being transferred between the VM and the network connection device (Abstract, paragraphs 
0003-0005, 0012, 0019). 

41 . It would have been obvious to one of ordinary skill in the art to combine Cota-Robles and 
Narlikar since in a networked computing environment, processing bottlenecks can lead to loss of 
data, inconsistent processing, or other failures. This particular type of input/output processing 
must be accounted for in a network environment. Often, such issues are handled by proxy 
servers that distribute loads evenly among servers, such that one node does not handle an 
excessive amount of requests. Pasieka provides such a proxy method, wherein if a request is 
directed to a heavily loaded node, the request is redirected to a proxy server, which determines 
the best way to distribute that request. Thus, processing throughput can be improved giving rise 
to more reliable and efficient processing. 



42. As per claim 13, Narlikar teaches the invention as claimed, including a method as in 
claim 1 1, in which: 

the requested I/O operation is a transfer of the I/O data between the VM and the network 
connection device (Abstract, paragraphs 0003-0005, 0012, 0019); and 

the predetermined transformation is a time delay of the transfer (Abstract, paragraphs 
0003-0005, 0012, 0019). 
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43. As per claim 14, Narlikar teaches the invention as claimed, including a method as in 
claim 11, in which: 

the requested I/O operation is a transfer of the I/O data from the VM to a first destination 
address via the network connection device (Abstract, paragraphs 0003-0005, 0012, 0019); 

the predetermined transformation is a redirection of the I/O data to a second destination 
address different from the first (Abstract, paragraphs 0003-0005, 0012, 0019). 

44. Claims 18-20 are rejected under 35 ILS.C. 103(a) as being unpatentable over Cota- 
Robles in view of Samar (US 2002/0078049). 

45. As per claim 18, Samar teaches the invention as claimed, including a method as in claim 
1 , in which: 

the device is a data storage device (Abstract, 0029, 0030, 0040, 0041); 

the requested I/O operation is a transfer of data between the VM and the storage device 
^Abstract, 0029, 0030, 0040, 0041); and 

the step of performing the predetermined transformation comprises changing at least a 
portion of the data during the transfer between the VM and the storage device (Abstract, 0029, 
0030, 0040, 0041). 
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46. It would have been obvious to one of ordinary skill in the art to combine Cota-Robles and 
Samar since Cota-Robles, while presenting a method of representing a processing device in a 
virtual machine to control input and output, does not present specific types of input/output 
devices, or how certain features therein would be implemented. Modern computing utilizes data 
stores and databases to store sensitive data. With this advent in computing, protecting the 
integrity of the data is of utmost importance. Samar provides a method of determining if data 
that is to be stored is of a sensitive nature, and if so, encrypting the data such that it can be 
protected against unauthorized access. 

47. As per claim 19, Samar teaches the invention as claimed, including a method as in claim 
18, in which the step of performing the predetermined transformation of the I/O data comprises 
encrypting data written by the VM to the data storage device and decrypting data read from the 
data storage device by the VM (Abstract, 0029, 0030, 0040, 0041). 



48" As per claim 20, Samar teaches the invention as claimed, including a method as~in~craim 
18, in which the step of performing the predetermined transformation of the I/O data comprises 
compressing data written by the VM to the data storage device and decompressing data read 
from the data storage device by the VM (Abstract, 0029, 0030, 0040, 0041). 
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Conclusion 



49. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Syed J Ali whose telephone number is (571) 272-3769. The 
examiner can normally be reached on Mon-Fri 8-5:30, 2nd Friday off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Meng-Ai T An can be reached on (571) 272-3756. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




Syed Ali 

September 7, 2004 
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